This howto describes a method for automatically backing up your Funtoo install to the internet, in this case Dropbox, but any online storage will do. Gentoo describes a method of creating a stage 4 archive. The problem with a stage 4 is that it is large and it archives a lot of unnecessary files, such as applications that can be reinstalled from an emerge world. Instead, this method aims for more of a "stage 3.5."

{{fancynote| This method does not attempt to back up everything. The intention is only to back up the system. Optionally you can also archive and copy your <tt>/home</tt> folder if you have enough online storage.}}

== Use Case ==

A backup machine currently provides network drives on a home LAN for clients on the LAN to back up to, using apps such as Time Machine (Mac) and Genie Timeline (Windows). As this machine ''is'' the backup machine, it doesn't have anywhere to back up to itself. In this situation a backup solution is provided by backing up to somewhere online: Dropbox. If a restore from the backup is required, the client machine's backups would be trashed, and the backup machine restored.

== Automatic Backup Archives With Etckeeper ==

Etckeeper is a tool that is used to save versions of <tt>/etc</tt>, including meta-data in a version control repository such as git.

As etckeeper is not in the funtoo portage tree, layman is used to provide an overlay.

=== Install etckeeper via layman ===

Before you install layman it is worth mentioning that you probably want <tt>USE="git subversion"</tt> in <tt>/etc/portage/make.conf</tt>. After adjusting use flags, to install layman you run:

<console>
###i## emerge layman
</console>

In order to back up the layman configuration, but not the portage overlay trees, make the following modifications to the default install.

Tell Portage about layman-fetched repositories by adding the following line to <tt>/etc/portage/make.conf</tt>:

<pre>
source /etc/layman/make.conf
</pre>

Modify the following lines in <tt>/etc/layman/layman.cfg</tt>:

<pre>
storage : /var/lib/layman
installed : /etc/layman/installed.xml
make_conf : /etc/layman/make.conf
</pre>

Add the bgo-overlay, as described on their web page, [http://bgo.zugaina.org/ bgo.zugaina.org].

After starting the Dropbox daemon, it will provide an HTTP link. You will need to visit this site just once to associate your computer with your Dropbox account.

Write the cron job to make the backup archive and move it online. Edit the file <tt>/etc/cron.daily/backup</tt>:

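<pre>
#!/bin/bash
# Stop at the first failing command so a failed bundle is never moved online.
set -e
cd /etc
# Pack every ref of the etckeeper git repository into a single bundle file.
git bundle create /tmp/backup.bundle --all
cd /tmp
# Move the bundle into the Dropbox folder, where the daemon syncs it.
mv -v -f backup.bundle /home/dropbox/Dropbox/Private/
</pre>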

Make the script executable:

<console>
###i## chmod +x /etc/cron.daily/backup
</console>

=== Encrypt Backups ===

It is a good idea to encrypt your backup before moving it online. This can be done with gpg, using symmetric (password only) or public/private key encryption. Additionally you can choose to sign the backup to check its integrity before restoring.

<console>
###i## emerge gnupg
</console>

==== Symmetric Encryption ====

There is no preparation required to use a symmetric key as all that is required is simply a passphrase. Just modify the cron job. Edit <tt>/etc/cron.daily/backup</tt>:

{{fancywarning| If you forget this password the backup will be unusable. Lose the password and you lose the backup.}}

As there is now sensitive information in this file, you might want to remove read permission:

<console>
###i## chmod og-r /etc/cron.daily/backup
</console>

==== Private/Public key Encryption ====

Make a private/public encryption/decryption key pair. The public key will be used to encrypt and the private key to decrypt.

<console>
###i## gpg --gen-key
</console>

The public key is used to create the encrypted backup and needs to live on the computer being backed up. A copy of the private key needs to be made and stored securely in another place. If this machine becomes unbootable, and this is the only place the private key lives, the backup dies with it.

The private key should not be kept:

# In the same place as the backup
# On the machine being backed up

{{fancynote| The private key is the only key that will decrypt the backup. Lose this key and/or its password and you lose the backup.}}

List the private keys:

<console>
###i## gpg -K
/root/.gnupg/secring.gpg
------------------------
sec 2048R/0EF13559 2012-01-21
uid my_key <noone@example.com>
ssb 2048R/67417FEB 2012-01-21
</console>

The private key can be exported using either the key name or key number. In this case "my_key" or "0EF13559".

To cut and paste the key (i.e., if logging in remotely):

<console>
###i## gpg -a --export-secret-key 0EF13559
</console>

To create a key file:

<console>
###i## gpg -o private_decryption.gpgkey --export-secret-key 0EF13559
</console>

Now store this key somewhere secure. The backup is only as secure as the private key.
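
A cron job for the public-key case, as an added example that is not part of the original page: it bundles <tt>/etc</tt>, encrypts the bundle to the public key, and moves only the ciphertext into the Dropbox folder. The function name <tt>encrypt_backup</tt>, the <tt>BACKUP_KEY</tt> variable and the <tt>run</tt> argument are assumptions; the key ID and paths are the ones used above.

```shell
#!/bin/bash
# Added example, not from the original page.
set -eu

# Bundle the git repository in $1, encrypt the bundle to public key $2 and
# place only the encrypted file in directory $3. Prints the resulting path.
# The body runs in a subshell, so its variables do not leak to the caller.
encrypt_backup() (
    repo=$1 recipient=$2 dest=$3
    out="$dest/backup.bundle.gpg"
    # Private scratch directory (mode 0700, unpredictable name) instead of a
    # fixed file name in /tmp.
    work=$(mktemp -d) || exit 1
    status=1
    if git -C "$repo" bundle create "$work/backup.bundle" --all >&2 &&
       gpg --batch --yes --recipient "$recipient" \
           --output "$work/backup.bundle.gpg" --encrypt "$work/backup.bundle" >&2 &&
       mv -f "$work/backup.bundle.gpg" "$out"
    then
        status=0
        printf '%s\n' "$out"
    fi
    # The plaintext bundle is removed whether or not the run succeeded, and it
    # never enters the synced folder.
    rm -rf "$work"
    exit "$status"
)

# Cron entry point: nothing happens unless the script is called with "run".
# BACKUP_KEY defaults to the key ID from the gpg -K listing above.
if [ "${1:-}" = "run" ]; then
    encrypt_backup /etc "${BACKUP_KEY:-0EF13559}" /home/dropbox/Dropbox/Private
fi
```

Only the public key is needed on the machine for this to run, so the exported private key can be removed from it once a copy is stored elsewhere.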